DESKTOP
IPVanish | June 20, 2022
IPVanish, a no-log VPN provider, has released its formal response to impending internet surveillance and data retention legislation in India. In a blog post published on June 7, IPVanish stated that they will not compromise on their no-logs policy despite this new directive demanding logs from VPN providers.
According to this new legislation, VPN providers would be required to collect certain customer data and may need to provide that information to Indian authorities. While the directive is not set to go into effect until later this month, IPVanish remains firm in its stance on protecting its customers’ privacy and will continue operating its Indian servers for the time being. Should the directive be enforced, IPVanish has stated that they will continue to prioritize their consumers' privacy and will take any required action, including shutting down physical servers in India to comply with the Indian government's directive.
“Privacy will never be something we sacrifice. While we will remain watchful of this impending legislation in India, IPVanish is standing firmly by our zero traffic logs policy, and is prepared to take proper action should the law go into effect.”
Subbu Sthanu, VP of Strategy & Product Management at IPVanish
In April, IPVanish had its technology and no-log VPN privacy practices audited and certified by a respected independent third-party cybersecurity consulting firm.
The IPVanish VPN service delivers:
Secure access to the fastest VPN in the world
End-to-end network encryption and data protection
User-friendly apps for macOS, Windows, iOS, Android, and Amazon Fire TV
A verified no-logs policy
24/7 customer support
About IPVanish:
IPVanish is a worldwide online privacy and freedom advocate. Providing secure access to shared IPs and servers in 75+ locations, IPVanish consistently tests as the fastest VPN service globally, while maintaining industry-best security, reliability, and privacy protection standards.
VIRTUAL DESKTOP STRATEGIES
Red River | June 16, 2022
Red River, a technology transformation company serving government and enterprise customers, today announced it has achieved the Microsoft Azure Virtual Desktop (formerly Windows Virtual Desktop) advanced specialization, validating the Company’s deep knowledge, experience and expertise in deploying, scaling, and securing virtual desktop infrastructure on Azure.
“Red River continues to invest in its technical capabilities through certifications, specializations and employee development. We are excited to have earned the Azure Virtual Desktop advanced specialization from Microsoft, adding to our portfolio of advanced specializations and validating our ability to leverage Azure technologies to drive positive business and mission outcomes for our customers.”
Jason Waldrop, President of Managed Services at Red River
Supporting secure remote work for employees is more critical than ever. Microsoft Azure Virtual Desktop is a Microsoft solution that seamlessly integrates with other Microsoft products and allows customers to implement virtual desktops in a scalable, secure, and cost-effective way. Partners with validated capabilities in implementing Azure Virtual Desktop can help customers deploy and navigate the licensing efficiencies it offers to deliver the solution that is most efficient for their organization.
About Red River
Red River brings together the ideal combination of talent, partners and products to disrupt the status quo in technology and drive success for business and government in ways previously unattainable. Red River serves organizations well beyond traditional technology integration, bringing more than 25 years of experience and mission-critical expertise in security, networking, data center, collaboration, mobility and cloud solutions.
VMWARE
VMware | February 09, 2022
As the most common cloud operating system, Linux is a core part of digital infrastructure and is quickly becoming an attacker’s ticket into a multi-cloud environment. Current malware countermeasures are mostly focused on addressing Windows-based threats, leaving many public and private cloud deployments vulnerable to attacks that target Linux-based workloads.
VMware, Inc. released a threat report titled “Exposing Malware in Linux-based Multi-Cloud Environments.” Key findings that detail how cybercriminals are using malware to target Linux-based operating systems include:
Ransomware is evolving to target Linux host images used to spin workloads in virtualized environments;
89 percent of cryptojacking attacks use XMRig-related libraries; and
More than half of Cobalt Strike users may be cybercriminals, or at least using Cobalt Strike illicitly.
“Cybercriminals are dramatically expanding their scope and adding malware that targets Linux-based operating systems to their attack toolkit in order to maximize their impact with as little effort as possible. Rather than infecting an endpoint and then navigating to a higher value target, cybercriminals have discovered that compromising a single server can deliver the massive payoff and access they’re looking for. Attackers view both public and private clouds as high-value targets due to the access they provide to critical infrastructure services and confidential data. Unfortunately, current malware countermeasures are mostly focused on addressing Windows-based threats, leaving many public and private cloud deployments vulnerable to attacks on Linux-based operating systems.”
Giovanni Vigna, senior director of threat intelligence at VMware
As malware targeting Linux-based operating systems increases in both volume and complexity amid a rapidly changing threat landscape, organizations must place a greater priority on threat detection. In this report, the VMware Threat Analysis Unit (TAU) analyzed the threats to Linux-based operating systems in multi-cloud environments: ransomware, cryptominers, and remote access tools.
Ransomware Targets the Cloud to Inflict Maximum Damage
As one of the leading breach causes for organizations, a successful ransomware attack on a cloud environment can have devastating consequences.(2) Ransomware attacks against cloud deployments are targeted, and are often combined with data exfiltration, implementing a double-extortion scheme that improves the odds of success. A new development shows that ransomware is evolving to target Linux host images used to spin workloads in virtualized environments. Attackers are now looking for the most valuable assets in cloud environments to inflict the maximum amount of damage to the target. Examples include the Defray777 ransomware family, which encrypted host images on ESXi servers, and the DarkSide ransomware family, which crippled Colonial Pipeline’s networks and caused a nationwide gasoline shortage in the U.S.
Cryptojacking Attacks Use XMRig to Mine Monero
Cybercriminals looking for an instant monetary reward often target cryptocurrencies using one of two approaches. Cybercriminals either include wallet-stealing functionality in malware or they monetize stolen CPU cycles to successfully mine cryptocurrencies in an attack called cryptojacking. Most cryptojacking attacks focus on mining the Monero currency (or XMR) and VMware TAU discovered that 89 percent of cryptominers used XMRig-related libraries. For this reason, when XMRig-specific libraries and modules in Linux binaries are identified, it is likely evidence of malicious cryptomining behavior. VMware TAU also observed that defense evasion is the most commonly used technique by cryptominers. Unfortunately, because cryptojacking attacks do not completely disrupt the operations of cloud environments like ransomware, they are much more difficult to detect.
Cobalt Strike Is Attackers’ Remote Access Tool of Choice
In order to gain control and persist within an environment, attackers look to install an implant on a compromised system that gives them partial control of the machine. Malware, webshells, and Remote Access Tools (RATs) can all be implants used by attackers in a compromised system to allow for remote access. One of the primary implants used by attackers is Cobalt Strike, a commercial penetration testing and red team tool, and its recent Linux-based variant, Vermilion Strike. Since Cobalt Strike is such a ubiquitous threat on Windows, the expansion out to the Linux-based operating system demonstrates the desire of threat actors to use readily available tools that target as many platforms as possible.
VMware TAU discovered more than 14,000 active Cobalt Strike Team Servers on the Internet between February 2020 and November 2021. The total percentage of cracked and leaked Cobalt Strike customer IDs is 56 percent, meaning that more than half of Cobalt Strike users may be cybercriminals, or at least using Cobalt Strike illicitly. The fact that RATs like Cobalt Strike and Vermilion Strike have become a commodity tool for cybercriminals poses a significant threat to enterprises.
“Since we conducted our analysis, even more ransomware families were observed gravitating to malware targeting Linux-based systems, with the potential for additional attacks that could leverage the Log4j vulnerabilities,” said Brian Baskin, manager of threat research at VMware. “The findings in this report can be used to better understand the nature of this malware and mitigate the growing threat that ransomware, cryptomining, and RATs have on multi-cloud environments. As attacks targeting the cloud continue to evolve, organizations should adopt a Zero Trust approach to embed security throughout their infrastructure and systematically address the threat vectors that make up their attack surface.”
Methodology
The VMware Threat Analysis Unit (TAU) helps protect customers from cyberattacks through innovation and world-class research. TAU is composed of malware analysts, reverse engineers, threat hunters, data scientists, and intelligence analysts at VMware. To understand how to detect and prevent attacks that bypass traditional, file-centric, prevention strategies, TAU focuses on techniques that were once the domain of advanced hackers and are now moving downstream into the commodity attack market. The team leverages real-time big data, event streaming processing, static, dynamic and behavioral analytics, and machine learning.
TAU applied a composition of static and dynamic techniques to characterize various families of malware observed on Linux-based systems based on a curated dataset of metadata associated with Linux binaries. All the samples in this dataset are public and therefore they can be easily accessed using VirusTotal or various websites of major Linux distributions. TAU collected more than 11,000 benign samples from several Linux distributions, namely, Ubuntu, Debian, Mint, Fedora, CentOS, and Kali. TAU then collected a dataset of samples for two classes of threats, namely ransomware and cryptominers. Finally, TAU collected a dataset of malicious ELF binaries from VirusTotal that were used as a test malicious dataset. TAU started collecting the dataset in June 2021 and concluded in November 2021.
About VMware
VMware is a leading provider of multi-cloud services for all apps, enabling digital innovation with enterprise control. As a trusted foundation to accelerate innovation, VMware software gives businesses the flexibility and choice they need to build the future. Headquartered in Palo Alto, California, VMware is committed to building a better future through the company’s 2030 Agenda.
SERVER VIRTUALIZATION
Virtuozzo | June 14, 2022
Virtuozzo, the alternative cloud platform leader, today announced it was named Cloud Enabler of the Year during the 19th annual Storage Awards hosted by Storage Magazine. Filling a void in the cloud enablement market, Virtuozzo delivers a robust cloud platform for service providers that is easy to use and manage. The honor recognizes the company’s commitment to enabling these providers to rapidly launch an extensive portfolio of scalable cloud services that are viable, cost-effective alternatives to hyperscaler solutions.
The Storage Awards, also known as the Storries, recognize the finest products, companies, and people revolutionizing storage technology. Winners are chosen by Storage Magazine readers, making it one of the few programs driven by an independent selection committee comprised of users and IT decision makers. Virtuozzo was one of twelve nominees in the Cloud Enabler of the Year category and was a contender in five other categories—including Cloud Company of the Year for which it was named runner-up.
“Winning the Storage Award is an achievement we deeply appreciate. We understand that the decision was made by IT industry members who work with and understand what cloud solutions need to be, what they should enable to be truly beneficial to end users. We are committed to helping service providers generate revenue through competitive, easy-to-use solutions that offer growth and opportunity. As its adoption continues, we believe that Virtuozzo delivers on that promise.”
Alex Fine, CEO, Virtuozzo
Fast, Easy, Lower-Cost Cloud
Virtuozzo delivers everything ranging from Infrastructure-as-a-Service (IaaS) to Platform-as-a-Service (PaaS) in a single cloud platform. It is purpose-built for hosting, cloud and managed service providers (HSPs, CSPs, and MSPs) complete with features and functions designed to help them easily implement and manage extensive, scalable cloud product portfolios. The simplicity of Virtuozzo frees service providers to focus on differentiating products as well as hands-on customer support—enabling them to quickly reach profitability while helping their users maximize their cloud investments.
Further, Virtuozzo offers its partners a full suite of professional services that help them go to market quickly and efficiently. These include Product Installation, Managed Cloud, Training, and Consulting among others—establishing a true, mutually beneficial collaboration.
About Virtuozzo
Virtuozzo provides the leading alternative cloud platform for service providers, enabling them to sell cloud services that are more accessible, more affordable and easier to use than hyperscaler solutions. The company’s legacy includes developing the first commercially available container technology and being a major contributor to numerous virtualization and open-source projects for more than 20 years. Today, Virtuozzo cloud solutions are used by more than 700 Cloud Service Providers, Managed Service Providers and Hosting Providers in 80 countries. Virtuozzo is based in Schaffhausen, Switzerland, and has more than 320 employees across the U.S., UK, Europe, and Asia-Pacific.